Security fail for Apple as hacker cracks iOS in-app purchasing

A Russian hacker claims to have found a way to crack the in-app purchasing mechanism used in iOS so that users can get free content in a variety of applications.

The hacker, dubbed ZonD80, posted a video of the crack on YouTube and claims that the technique makes it possible to beat Apple’s payment systems by installing a couple of certificates and assigning a specific IP address to the device.

ZonD80 is now asking for donations to set up a website to promote the hack.

“Why you must to pay for content, already included in purchased app? I think, you must not,” he said.

No doubt Apple and the developers who depend on people paying for what they use would beg to differ. Apple hasn’t responded to requests for information from El Reg but Cupertino’s developers will no doubt be putting pressure on to fix the problem.

In testing carried out by the 9to5 Mac, the hack works on iOS 3.0 or later and doesn’t require the user to jailbreak their handset. The site reports that some applications can’t be hacked, and its possible Apple’s system for payment validation may cause the technique to fail. ®